CentOS Update For Squirrelmail CESA-2009:1490 Centos4 I386 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

SquirrelMail is a standards-based webmail package written in PHP. Form submissions in SquirrelMail did not implement protection against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a user into visiting a malicious web page, the attacker could hijack that user's authentication, inject malicious content into that user's preferences, or possibly send mail without that user's permission. (CVE-2009-2964) Users of SquirrelMail should upgrade to this updated package, which contains a backported patch to correct these issues.

Affected

squirrelmail on CentOS 4

References

http://lists.centos.org/pipermail/centos-announce/2009-October/016185.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2964

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

CentOS Security Advisory CESA-2009:1651 (ntp)
CentOS Security Advisory CESA-2009:1335 (openssl)
CentOS Update for 389-ds-base CESA-2013:1182 centos6
CentOS Security Advisory CESA-2009:1083 (cups)
CentOS Update for apr CESA-2011:0844 centos4 x86_64

CentOS Update for squirrelmail CESA-2009:1490 centos4 i386

Take action and discover your vulnerabilities